Open Source Insider

Nov 30 2014   8:29AM GMT

Google Santa free & open source anti-malware tool

Adrian Bridgwater Adrian Bridgwater Profile: Adrian Bridgwater

Open source

Google is bringing Santa in early for Christmas.

The search and cloud giant has brought forward its “internal” anti-malware tool known as Santa to free distribution on GitHub here.


Naughty or nice?

Santa is so named because it keeps track of binaries that are both “naughty and nice” said Google.

The technology is a binary-based whitelisting/blacklisting system for use on systems running the Mac OS X operating system.

It consists of a kernel extension that monitors for executions.

There is also a “userland daemon” that makes execution decisions based on the contents of an SQLite database.

What is a UserLand daemon?

TECHNICAL NOTE 1: UserLand (sometimes also known as user space) is a term referring to “less privileged” software code (with related libraries) running outside the perimeter of an operating system’s central kernel for I/O operations functions and tasks including the manipulation of file system objects.

TECHNICAL NOTE 2: A daemon (pronounced DAY-muhn) is a program that runs continuously and exists for the purpose of handling periodic service requests that a computer system expects to receive.

Also here is a GUI agent that notifies the user in case of a block decision and a command-line utility for managing the system and synchronising the database with a server.

Google Macintosh Operations Team sysadmins Russell Hancox is the tool’s author.

Hancox drove the development of this software with the aim of protecting Google’s own base of Macs, but it is now offered to the general public for free.

Image credit:

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: